author | Christian Schneider | 2019-09-10 16:12:10 +0200 |
---|---|---|
committer | Christian Schneider | 2019-09-10 16:12:10 +0200 |
commit | e91007ce1623a25818fc6545662caad683bf696b (patch) | |
tree | 59e7b675e79e77d31127fb753c2bf99ee27de017 | |
parent | 7cacb3fbd49cdd5b960242e5c988e94d823eae67 (diff) | |
Revert "New it_session::setcookie() which uses SameSite=Lax"
This reverts commit 7cacb3fbd49cdd5b960242e5c988e94d823eae67.
-rw-r--r-- | it_session.class | 16 | ||||
-rw-r--r-- | it_user.class | 2 |
2 files changed, 3 insertions, 15 deletions
diff --git a/it_session.class b/it_session.class
index 866e197..f1dc541 100644
--- a/it_session.class
+++ b/it_session.class
@@ -165,7 +165,7 @@ function set_valid($valid = true, $login_identifier_required = false, $login_ide
 $result = !$valid; /* Setting to invalid succeeded or setting to valid failed */
 }
- self::setcookie([ 'name' => $this->cookiename, 'value' => $this->cookie, 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'domain' => $this->domain, 'secure' => $this->ssl ]);
+ @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
 $_COOKIE[$this->cookiename] = $this->cookie;
 return $result;
@@ -190,7 +190,7 @@ function create_login_identifier()
 if (!$this->cookie)
 {
 $this->cookie = md5(uniqid(rand())); /* random garbage */
- self::setcookie([ 'name' => $this->cookiename, 'value' => $this->cookie, 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'domain' => $this->domain, 'secure' => $this->ssl ]);
+ @setcookie($this->cookiename, $this->cookie, _IT_SESSION_COOKIE_EXPIRY, "/", $this->domain, $this->ssl, true);
 }
 $login_identifier = $this->_mkcookie("", $this->cookie);
@@ -240,18 +240,6 @@ function check_signature($text, $signature)
 ($this->_sign($text, $this->prev) == $signature));
 }
-/*
- * Set cookie with options as safe as possible for session
- * @param $p['name'] Name of cookie
- * @param $p['value'] Value of cookie
- * @param $p Other options: expires, path, domain, secure, httponly and samesite
- */
-static function setcookie($p)
-{
- $p += [ 'path' => '/', 'httponly' => true, 'samesite' => 'Lax' ];
- return version_compare(PHP_VERSION, '7.3.0') >= 0 ? @setcookie($p['name'], $p['value'], $p) : @setcookie($p['name'], $p['value'], $p['expires'], $p['path'], $p['domain'], $p['secure'], $p['httponly']);
-}
-
 } /* End class it_user */
 ?>
diff --git a/it_user.class b/it_user.class
index a972130..26046cf 100644
--- a/it_user.class
+++ b/it_user.class
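Review bot: The restored `@setcookie(...)` call in set_valid() sends the session cookie without a SameSite attribute, so the revert drops the cross-site request protection the removed helper supplied; the same applies to the restored calls in create_login_identifier() and in it_user.class _set_uid(). The commit message gives no reason for the revert; if the cause was that the helper passed `name` and `value` inside the options array (an inference, since PHP 7.3+ warns about unrecognized option keys and the `@` would have hidden that), a narrower fix is to keep the helper and pass only the option keys, e.g. `@setcookie($p['name'], $p['value'], array_diff_key($p, ['name' => 1, 'value' => 1]))`. The `@` also hides a failed header write while `$_COOKIE` is still updated on the next line, so checking the return value would make that case visible. set_valid() starts and ends outside the hunk.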
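Review bot: The session cookie value in create_login_identifier() still comes from `md5(uniqid(rand()))`, which is derived from a non-cryptographic PRNG and a timestamp and is therefore too predictable for a session identifier. Since this line sits directly above the restored setcookie call, it is worth replacing with `$this->cookie = bin2hex(random_bytes(16));` where PHP 7 or later is available; the removed helper's version check suggests older versions may still be supported, so a fallback may be needed. The function continues outside the hunk.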
@@ -205,7 +205,7 @@ function _set_uid($uid)
 if (!isset($_COOKIE[$this->p['uidcookiename']]) || ($_COOKIE[$this->p['uidcookiename']] != $uid))
 {
- it_session::setcookie([ 'name' => $this->p['uidcookiename'], 'value' => $uid, 'expires' => _IT_USER_UID_COOKIE_LIFETIME, 'domain' => $this->domain, 'secure' => false ]);
+ @setcookie($this->p['uidcookiename'], $uid, _IT_USER_UID_COOKIE_LIFETIME, "/", $this->domain, false, true);
 $_COOKIE[$this->p['uidcookiename']] = $uid;
 }
 }
|
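Review bot: The uid cookie in _set_uid() is set with the secure flag hard-coded to `false`, so it is also sent over plain HTTP. What the uid is used for is not visible in this hunk; if it identifies a logged-in user, consider passing the connection's HTTPS state instead of `false`, or document the choice with a comment such as `/* uid cookie is deliberately not Secure because ... */`. The guard above it compares the cookie with `!=`; `(string)$_COOKIE[$this->p['uidcookiename']] !== (string)$uid` would avoid loose type juggling on a client-supplied value.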